X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=mod%2Fphoto.php;h=434193f71318edc6b9b63abac8feefb8d95a6b4c;hb=2f89a9b3e8c8028ef9dd0bdc8cd8611e5d67903d;hp=6174b10abe9b0d84364b9330e6f82b34d9ee14f5;hpb=04e65823d70d448400d3be7f0b3244ea8658834d;p=friendica.git

diff --git a/mod/photo.php b/mod/photo.php
index 6174b10abe..434193f713 100644
--- a/mod/photo.php
+++ b/mod/photo.php
@@ -1,34 +1,76 @@
 <?php
 
+require_once('include/security.php');
+require_once('include/Photo.php');
+
 function photo_init(&$a) {
+	global $_SERVER;
+
+	$prvcachecontrol = false;
+	$file = "";
 
 	switch($a->argc) {
+		case 4:
+			$person = $a->argv[3];
+			$customres = intval($a->argv[2]);
+			$type = $a->argv[1];
+			break;
 		case 3:
 			$person = $a->argv[2];
 			$type = $a->argv[1];
 			break;
 		case 2:
 			$photo = $a->argv[1];
+			$file = $photo;
 			break;
 		case 1:
 		default:
 			killme();
-			return; // NOTREACHED
+			// NOTREACHED
 	}
 
-	if(x($type)) {
+	//	strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= filemtime($localFileName)) {
+	if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
+		header('HTTP/1.1 304 Not Modified');
+		header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
+		header('Etag: '.$_SERVER['HTTP_IF_NONE_MATCH']);
+	 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
+		header("Cache-Control: max-age=31536000");
+		if(function_exists('header_remove')) {
+			header_remove('Last-Modified');
+			header_remove('Expires');
+			header_remove('Cache-Control');
+		}
+		exit;
+	}
+
+	$default = 'images/person-175.jpg';
+
+	if(isset($type)) {
+
+
+		/**
+		 * Profile photos
+		 */
+
 		switch($type) {
 
 			case 'profile':
+			case 'custom':
 				$resolution = 4;
 				break;
+			case 'micro':
+				$resolution = 6;
+				$default = 'images/person-48.jpg';
+				break;
 			case 'avatar':
 			default:
 				$resolution = 5;
+				$default = 'images/person-80.jpg';
 				break;
 		}
 
-		$uid = str_replace('.jpg', '', $person);
+		$uid = str_replace(array('.jpg','.png'),array('',''), $person);
 
 		$r = q("SELECT * FROM `photo` WHERE `scale` = %d AND `uid` = %d AND `profile` = 1 LIMIT 1",
 			intval($resolution),
@@ -36,18 +78,24 @@ function photo_init(&$a) {
 		);
 		if(count($r)) {
 			$data = $r[0]['data'];
+			$mimetype = $r[0]['type'];
 		}
-		if(x($data) === false) {
-			$data = file_get_contents(($resolution == 5) 
-				? 'images/default-profile-sm.jpg' 
-				: 'images/default-profile.jpg');
+		if(! isset($data)) {
+			$data = file_get_contents($default);
+			$mimetype = 'image/jpeg';
 		}
 	}
 	else {
 
+		/**
+		 * Other photos
+		 */
+
 		$resolution = 0;
-		$photo = str_replace('.jpg','',$photo);
-	
+		foreach( Photo::supportedTypes() as $m=>$e){
+			$photo = str_replace(".$e",'',$photo);
+		}
+
 		if(substr($photo,-2,1) == '-') {
 			$resolution = intval(substr($photo,-1,1));
 			$photo = substr($photo,0,-2);
@@ -58,40 +106,8 @@ function photo_init(&$a) {
 			intval($resolution)
 		);
 		if(count($r)) {
-			
-			$owner = $r[0]['uid'];
-
-			$sql_extra = " AND `allow_cid` = '' AND `allow_gid` = '' AND `deny_cid` = '' AND `deny_gid` = '' ";
-
-			if(local_user() && ($owner == $_SESSION['uid'])) {
 
-				// Owner can always see his/her photos
-				$sql_extra = ''; 
-
-			}
-			elseif(remote_user()) {
-
-				// authenticated visitor - here lie dragons
-
-				$groups = init_groups_visitor($_SESSION['visitor_id']);
-				$gs = '<<>>'; // should be impossible to match
-				if(count($groups)) {
-					foreach($groups as $g)
-						$gs .= '|<' . intval($g) . '>';
-				} 
-
-				$sql_extra = sprintf(
-					" AND ( `allow_cid` = '' OR `allow_cid` REGEXP '<%d>' ) 
-					  AND ( `deny_cid`  = '' OR  NOT `deny_cid` REGEXP '<%d>' ) 
-					  AND ( `allow_gid` = '' OR `allow_gid` REGEXP '%s' )
-					  AND ( `deny_gid`  = '' OR NOT `deny_gid` REGEXP '%s') ",
-
-					intval($_SESSION['visitor_id']),
-					intval($_SESSION['visitor_id']),
-					dbesc($gs),
-					dbesc($gs)
-				);
-			}
+			$sql_extra = permissions_sql($r[0]['uid']);
 
 			// Now we'll see if we can access the photo
 
@@ -100,22 +116,106 @@ function photo_init(&$a) {
 				intval($resolution)
 			);
 
+			$public = ($r[0]['allow_cid'] == '') AND ($r[0]['allow_gid'] == '') AND ($r[0]['deny_cid']  == '') AND ($r[0]['deny_gid']  == '');
+
 			if(count($r)) {
 				$data = $r[0]['data'];
+				$mimetype = $r[0]['type'];
+			}
+			else {
+
+				// Does the picture exist? It may be a remote person with no credentials,
+				// but who should otherwise be able to view it. Show a default image to let 
+				// them know permissions was denied. It may be possible to view the image 
+				// through an authenticated profile visit.
+				// There won't be many completely unauthorised people seeing this because
+				// they won't have the photo link, so there's a reasonable chance that the person
+				// might be able to obtain permission to view it.
+ 
+				$r = q("SELECT * FROM `photo` WHERE `resource-id` = '%s' AND `scale` = %d LIMIT 1",
+					dbesc($photo),
+					intval($resolution)
+				);
+				if(count($r)) {
+					$data = file_get_contents('images/nosign.jpg');
+					$mimetype = 'image/jpeg';
+					$prvcachecontrol = true;
+				}
+			}
+		}
+	}
+
+	if(! isset($data)) {
+		if(isset($resolution)) {
+			switch($resolution) {
+
+				case 4:
+					$data = file_get_contents('images/person-175.jpg');
+					$mimetype = 'image/jpeg';
+					break;
+				case 5:
+					$data = file_get_contents('images/person-80.jpg');
+					$mimetype = 'image/jpeg';
+					break;
+				case 6:
+					$data = file_get_contents('images/person-48.jpg');
+					$mimetype = 'image/jpeg';
+					break;
+				default:
+					killme();
+					// NOTREACHED
+					break;
 			}
 		}
 	}
 
-	if(x($data) === false) {
-		killme();
-		return; // NOTREACHED
+	// Resize only if its not a GIF
+	if ($mime != "image/gif") {
+		$ph = new Photo($data, $mimetype);
+		if($ph->is_valid()) {
+			if(isset($customres) && $customres > 0 && $customres < 500) {
+				$ph->scaleImageSquare($customres);
+			}
+			$data = $ph->imageString();
+			$mimetype = $ph->getType();
+		}
+	}
+
+	if(function_exists('header_remove')) {
+		header_remove('Pragma');
+		header_remove('pragma');
+	}
+
+	header("Content-type: ".$mimetype);
+
+	if($prvcachecontrol) {
+
+		// it is a private photo that they have no permission to view.
+		// tell the browser not to cache it, in case they authenticate
+		// and subsequently have permission to see it
+
+		header("Cache-Control: no-store, no-cache, must-revalidate");
+
+	}
+	else {
+		header("Last-Modified: " . gmdate("D, d M Y H:i:s", time()) . " GMT");
+		header('Etag: "'.md5($data).'"');
+	 	header("Expires: " . gmdate("D, d M Y H:i:s", time() + (31536000)) . " GMT");
+		header("Cache-Control: max-age=31536000");
+	}
+	echo $data;
+
+	// If the photo is public and there is an existing photo directory store the photo there
+	if ($public and ($file != "")) {
+		// If the photo path isn't there, try to create it
+		if (!is_dir($_SERVER["DOCUMENT_ROOT"]."/photo"))
+			if (is_writable($_SERVER["DOCUMENT_ROOT"]))
+				mkdir($_SERVER["DOCUMENT_ROOT"]."/photo");
+
+		if (is_dir($_SERVER["DOCUMENT_ROOT"]."/photo"))
+			file_put_contents($_SERVER["DOCUMENT_ROOT"]."/photo/".$file, $data);
 	}
 
-        header("Content-type: image/jpeg");
-	header('Expires: ' . datetime_convert('UTC','UTC', 'now + 30 minutes', 'D, d M Y H:i:s' . ' GMT'));
-	header('Expires: ' . datetime_convert('UTC','UTC', 'now + 30 minutes', 'D, d M Y H:i:s' . ' GMT'));
-	header("Cache-Control: max-age=3600, must-revalidate");
-        echo $data;
 	killme();
-	return; //NOTREACHED
-}
\ No newline at end of file
+	// NOTREACHED
+}